StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
18286991
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-08-17T08:58:22.647
FavoriteCount
0
LastActivityDate
2013-08-17T10:02:06.263
LastEditDate
2013-08-17T10:02:06.263
LastEditorUserId
733106
OwnerUserId
733106
ParentId
18286793
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
To achieve this in a scalable fashion with granular control you need permission-based authorization. You can try something like <a href="http://ASPSecurityKit.net" rel="nofollow">ASP Security Kit</a>. ASP Security Kit is built from ground up to build systems like this. Edit: This is how it can work: <ol> <li>You define a unique permission code with every action method. For example, CreateRestaurant, ReserveRestaurant</li> <li>These permission codes are stored in a master Permissions table in the database.</li> <li>You can create a seperate roles table and associate permissions appropriately. However, ASP Security Kit introduces a new concept of <a href="http://aspsecuritykit.net/blog/designing-activity-or-permission-based-instance-aware-authorization-for-aspnet-mvc-application#impliedPermissions" rel="nofollow">implied permissions</a> so you don't need role as a separate construct; you just create a higher-level permission, for example, 'RestaurantOwner', and make other permissions implied by it.</li> <li>There's a UserPermit table which associates permissions with users. For a specific type of users, E.G. restaurant owner, you will assign applicable permissions as the user is created.</li> <li>As user logs in, you load his permissions in the memory.</li> <li>You need a mechanism by which each controller's action is executed only if user possesses the unique permission code associated with that action. If user does not, you'll redirect him to a default page with message stating "unauthorized action"</li> <li>You can also look into the user permissions loaded to display or hide menu options.</li> </ol> ASP Security Kit does most of the above for you; for example, it can <a href="http://aspsecuritykit.net/Docs/GettingStarted#permissionInference" rel="nofollow">automatically infer permission code</a> for authorization so you don't have to hard code it. In addition, you need <a href="http://aspsecuritykit.net/blog/designing-activity-or-permission-based-instance-aware-authorization-for-aspnet-mvc-application#instanceOrResourceAwareAuthorization" rel="nofollow">resource checks</a> so that different users and restaurant owners do not fiddle with each other data. Disclosure: I'm the creator of ASP Security Kit.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POUsers with different capabilities
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USVarun K
UserOwnerUserId
1. USVarun K
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.